I have used pact-jvm-provider-maven/ plugin to publish different versions (1.0.0 and 2.0.0) of pacts to Pact-Broker. I'm using following configuration to verify the pacts against the hosted Provider....
<plugin>
<groupId>au.com.dius</groupId>
<artifactId>pact-jvm-provider-maven_2.11</artifactId>
<version>3.5.4</version>
<configuration>
<serviceProviders>
<serviceProvider>
<name>Books</name>
<pactBrokerUrl>http://localhost:80/</pactBrokerUrl>
</serviceProvider>
</serviceProviders>
<configuration>
<pact.showStacktrace>true</pact.showStacktrace>
</configuration>
</configuration>
</plugin>
It is verifying only the latest pact version i.e 2.0.0.
For backword compatibility, i wanted to verify all the versions of PACTS published to Broker against the Provider service.
Has anyone done this successfully?
You can verify different versions of pacts by using the tagging feature of the pact broker. See https://github.com/DiUS/pact-jvm/blob/master/pact-jvm-provider-maven/README.md#verifying-pacts-from-an-pact-broker-that-match-particular-tags-version-335 on how to use this with the Maven plugin.
Basically, you assign tags to the different versions (like PROD for 1.0.0 and TEST for 2.0.0), and then you can verify your providers against both of those versions.
Related
I been trying to add sameSite = None attribute to my project cookies as a part of Chrome standards. I am using .net framework 4.8 and it supports sameSite for cookie (https://learn.microsoft.com/en-us/aspnet/samesite/system-web-samesite#using-samesite-in-aspnet-472-and-48), but i am not able to do it from web.config
Please help if anyone has faced similar problem and resolved that.
This is only a warning because the attribute isn't included in Visual Studio yet.
It shouldn't stop you compiling and will work in production because the latest browsers support it.
As Microsoft includes this in their official documentation I would use it as recommended and ignore the warning until an update is released with the same site parameter included.
<configuration>
<system.web>
<httpCookies sameSite="[Strict|Lax|None|Unspecified]" requireSSL="[true|false]" />
<system.web>
<configuration>
As of Visual Studio Community 2022 Version 17.0.6 this is still not included.
(It might be safe to assume this will never get added to Visual Studio.)
chrome://flags/#same-site-by-default-cookies
Paste In Browser Url
Disable It
Now Working fine
samesite=None
I have a .Net Web API project targeting .Net Framework 4.6, in this project I have Microsoft.AspNetCore 2.2.0.0 DLL.
I have read that Microsoft.AspNetCore 2.2.0.0 DLL has DoS (Denial of Service) security vulnerability.
https://github.com/aspnet/AspNetCore/issues/6488
When I look into the recommended resolution it says to upgrade to Version 2.7, now issue is I can't upgrade to 2.7 as highest I can upgraded for .Net Framework is 2.2.0.0 which I already have.
Query:
Is this security vulnerability only for apps created by targeting
.Net Core and not .Net Framework even though Microsoft.AspNetCore
2.2.0.0 library is used?
If first is true, then does it mean I don't have to do anything for this security vulnerability? If not, then what should I do to get over this security concern (given that I can't upgrade Microsoft.AspNetCore to 2.7 in a .Net Framework project)?
All our security advisories include sections describing how to detect if you're affected and how to update. The linked issue has this down in the "Advisory FAQs". In this case you need to install the latest version of the Windows Hosting Bundle. This is true even if you are using .NET Framework. That particular vulnerability is in the ASP.NET Core Module for IIS, which is the native component that allows you to host ASP.NET Core apps (on both .NET Core and .NET Framework) in IIS. If you install the hosting bundle, all your ASP.NET Core apps (including those targeting .NET Framework) should be protected from this issue. The FAQs also include instructions on how to verify you have the right version installed (using a PowerShell script to check the version number of the aspnetcore.dll file)
For packages: We don't update every single package for every patch release. Only the affected packages are updated. The Microsoft.AspNetCore package hasn't been patched at all, so it's still at 2.2.0. Other packages, like Microsoft.AspNetCore.Mvc.RazorPages have had some patches, so they're at versions like 2.2.5. You should always ensure that all your packages that start with Microsoft.AspNetCore have the latest patch version (the third component of the version number) installed in order to get all necessary security updates.
I installed the .NET SDK 2.1.301-win-x64.exe and afterwards updated all the nuget packages to 2.1.1.
In my WebApp I have the Nuget Package Microsoft.AspNetCore.All 2.1.1 and Microsft.NETCore.App 2.1.0. In the Nuget Window I see that there's also the Version 2.1.1, but I can't select it (Blocked by Project)
Same story in my Console App: Microsft.NETCore.App 2.1.0
My first question: Is here already something wrong? Or is this expected behavior?
If I build the WebApp as self contained App, that works well.
If I biuld the Console App as self contained App (Self-contained / win-x64). I get the follwoing Error:
The project was restored using Microsoft.NETCore.App version 2.1.1,
but with current settings, version 2.1.0 would be used instead. To
resolve this issue, make sure the same settings are used for restore
and for subsequent operations such as build or publish. Typically
this issue can occur if the RuntimeIdentifier property is set during
build or publish but not during restore."
The source of this error is a referenced project.
What do I do wrong? Let me know if you need additional information, then I will add it.
This is a known issue for the moment. In your referenced project's csproj file, set the TargetLatestRuntimePatch property:
<PropertyGroup>
<TargetLatestRuntimePatch>true</TargetLatestRuntimePatch>
</PropertyGroup>
This only happens when a .NET Core application references another .NET Core application and self-contained roll-forward only partially kicks in during publish.
For portable applications, it is enough to target 2.1.0 version of Microsoft.NETCore.App and when run on a target machine, the latest patch available on the machine will be used automatically. In recent tooling, a change was made so that the tooling would use the latest known patch version for self-contained applications so you automatically bundle the latest patch release with your application. However, this doesn't flow over project-to-project references.
See Self-contained deployment runtime roll forward for more information.
I created a class library in .net core and and hosted class library on my local nuget server.Class library contains controllers and some other classes to be used by reflection.
I consumed this class library in my asp.net core MVC project.By installing it as nuget refrence. Now my MVC project builds well but at runtime I am not able to find my contoller or other classes defined in class library.
weird behavior when I copy dll of my class library to my MVC projects bin\Debug\netcoreapp1.1 directory, reflection starts working.
this is happening when i run my application in debug mode on IIS Express and I am using .net core 1.1 on Visual studio 2015
Question: Is there a way to extract nuget packages in to bin\Debug\netcoreapp1.1 on build.
Question: Do I need to added some configuration so that Reflection look for dll in respective nuget package location.
Have a look at this answer, it might cover what you are looking for.
https://stackoverflow.com/a/38252635/138029
UPDATE:
You could try adding a NuGet.config file to your project root.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageSources>
<add key="AspNetVNext" value="https://www.myget.org/F/aspnetcidev/api/v3/index.json" />
<add key="NuGet" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
<add key="Local" value="[PATH_TO_YOUR_NUGET_PACKAGES]" />
</packageSources>
</configuration>
As an aside, if the directory is local to the project root you can commit those local packages to the Source Control. This allows build tools like Visual Studio Team Services to reference them automatically when they build.
I'm new to Intellij. I've created a maven project and I'm playing around adding different kind of frameworks to the project. I'm using JBoss wildfly.
I'm having problem with the web application framework. Its creating web.xml and all the necessary folders. But when I try to create a Servlet I get an error saying that "javax.servlet.http" does not exist upon trying to compile the application.
I'm pretty sure the JBoss Wildfly application has the serlvet api but I'm not sure how to add all those libraries to the project. I could add them manually but I don't think that is the correct way to do it. All the necessary web application api should be available by default give that you have chosen the right frameworks.
What am i doing wrong?
Edit: Ok I've managed to find all the API inside of the wildfly folder. But It feels very clunky to be forced to add servlet API manually. Intellij adds all the api for web application when you create a project and add application server - > Wildfly. But you when you create a maven project and add web application framework servlet api is not added to project libraries.
You should configure your dependencies using Maven if you have a maven project. IntelliJ only adds libraries for projects that use IDEA to build (because it has to download the jars, build libraries, and get that all into the class path).
Since maven is your build tool, you are responsible for setting up the dependencies in your pom.
As said in sylvanaay's answer you have to add servlet-api in your pom but it should be in provided scope as follows.
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
<scope>provided</scope>
</dependency>
If you add the library mannualy in Intellij IDEA the build may fail when you do maven build.